Bugtraq mailing list archives
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B)
From: Stefan Esser <s.esser () e-matters de>
Date: Tue, 17 Dec 2002 07:37:23 +0100
On Mon, Dec 16, 2002 at 11:56:10PM -0500, Valdis.Kletnieks () vt edu wrote:
*ON THE WIRE*, all 256 byte codes are legal, since DNS uses a length-data
Yes noone said it is not, but fact is, the libc resolvers simply do not allow them, so you can send through the wire whatever you want it will not find its way to the fingerd. Stefan Esser
Attachment:
_bin
Description:
Current thread:
- PFinger 0.7.8 format string vulnerability (#NISR16122002B) NGSSoftware Insight Security Research (Dec 16)
- RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser (Dec 16)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse (Dec 17)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Valdis . Kletnieks (Dec 17)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser (Dec 17)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse (Dec 17)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Borchert (Dec 18)
- RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser (Dec 16)
- Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Tscharner (Dec 27)